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(54) Secure communication system 

(57) A secure communication system for transmis- 
sion of messages utilises postage meters (10) as termi- 
nals of tiie system. The postage meters include means 
(13) for input of postage amount, an encryptor (26) to 
encrypt postage information to be printed by a printer 
(21) of tiie meter. The input means are used for input of 
a message, the encryptor encrypts tfie message with a 
key unique for an intended recipient terminal and the 

25^ 



printer prints tiie encrypted message on a mail item 
(20). The terminals also are provided wrtii reading 
means (31 ; 32) to read a received encrypted message 
(30) and tiie encryption means (26) is utilised to decrypt 
the received encrypted message using the unique key 
of the recipient terminal. 



13 



12 



13" 



16 



17 



18- 



- ROM 



RAM 



NVM 



1. 



26^ 



KEY 
BOARD 



DISPLAY 



NTVM 



5. 



ENCRYP- 
TION 
CIRCOIT 



MICRO- 
PROCESSOR 
11 



MOTOR 
CONTROL 



SENSORS —I 



19 ■ 



MOTORS 



2X. 



24 

± 



POWER 
SUPPLY 



23" 



21. 



SCANNING 
DEVICE 



PRINT 
HEAD 



20 



FIG 1 



Ql 
LU 



Primed by Xerox (UK) Business Services 



EP0859341A2 2 



1 

Description 

This invention relates to a system for secure com- 
munication of messages from an originator of a mes- 
sage to an intended recipient of the message. 

In systems for applying postage indicia to mail 
items it has been proposed to include encrypted infor- 
mation in the irrp-int of the postage indicia in order to 
provide security in respect of the postage indicia. The 
information which is encrypted relates to the postage 
meter system utilised to print the indicia so as to identify 
the mailer and also relates to postage information, for 
example the amount of postage charge applicable to the 
mail item and for which accounting has been effected. 
The encrypted information may be printed as alphanu- 
meric characters but it has also been proposed to print 
the encrypted information in the form of a so-called 2D 
code comprising an array of binary elements of first and 
second characteristics, for example black and white. 

According to the invention a secure communication 
system includes a sender postage metering terminal 
and a plurality of recipient postage metering terminals, 
each temrtinal comprising input means for input of a 
postage charge; encryption means for encrypting post- 
age information; printing means for printing a postage 
indicium including said encrypted postage information 
on a mail item; wherein the input means is operable to 
input a message, intended for receipt by a designated 
one of the recipient terminals, to said encryption means; 
said encryption means being operable to encrypt said 
message using a key unique to the designated recipient 
terminal; and each terminal including means for input of 
a received encrypted message to the encryption means 
and the encryption means being operable to use a key 
unique to that terminal to decrypt the encrypted mes- 
sage. 

An embodiment of the invention will now be 
described with reference to the drawings in which :- 

Rgure 1 is a block diagram of a postage meter for 
use as a terminal in a secure message transmis- 
sion system, and 

Rgure 2 illustrates a hand held scanning device 
connected to the postage meter. 

Referring first to Rgure 1 of the dravirings, a postage 
meter 10 includes electronic accounting and control 
means comprising a micro-processor 11 operating 
under program routines stored in a read only memory 
(ROM) 12. A keyboard 13 is provided for input of com- 
mands and data by a user and a display 14 is provided 
to enable display of information to the user. A random 
access memory (RAM) 13 is provided for use as a work- 
ing store for storage of temporary data during operation 
of the postage meter Non-volatile duplicated memories 
16. 17 are provided for the storage of critical data relat- 
ing to use of the postage meter and which is required to 
be retained even when the postage meter is not pow- 



ered. The microprocessor 11 carries out accounting 
functions in relation to use of the postage meter for 
franking mail items with postage charges applicable to 
handling of the mail items by the postal authority or 
5 another carrier. Accounting data relating to use of the 
postage meter for printing franking inrpressions repre- 
senting postage charges for mail items and any other 
critical data to be retained is stored in the non-volatile 
memories 16, 1 7. The accounting data includes a value 
10 of aedit available for use by the meter in franking mail 
items, an accumulated total of value used by the meter 
in franking mail items, a count of the number of mail 
items franked by the meter and a count of the number of 
mail items franked with a postage charge in excess of a 
75 predetermined value. The value of credit is stored in a 
descending credit register, the accumulated total value 
is stored in an ascending tote register, the courrt of 
items is stored in an items register and the count of 
items franked with a postage charge in excess of a pre- 
20 determined value is stored in a large items register. As 
is well known in the postage meter art, each of the reg- 
isters referred to hereinbefore for storing accounting 
data is replicated in order to enable integrity of the 
accounting data to be maintained even in the event of a 
25 fault or termination of power to the meter during a frank- 
ing operation. Two replications of each of the registers 
are provided in each of the menrrory devices 16. 17. 

A motor controller 1 8 is controlled by the microproc- 
essor 10 to control operation of motors 19 driving feed- 
so ing means (not shown) for feeding a mail item 20 past a 
digital print head 21 . The digital print head 21 may be a 
thermal print head including selectively energisable 
thermal printing elements. Sensors 22 are provided to 
sense and monitor feeding of the mail item. The sensors 
35 provide signals to the microprocessor to enable the 
microprocessor to control feeding of the mail item and to 
selectively energise the thermal print elements of the 
print head at appropriate times as the mail item is fed 
past the print head. As the mail item is fed past the ther- 
40 mal printing elements of the print head 2 1 during a prim- 
ing operation, the microprocessor outputs on line 23, in 
each of a series of printing cycles, print data signals 
selecting those ones of the printing elements which are 
to be energised in each respective printing cycle. A 
45 pulse of electrical power is supplied to the selected ther- 
mal printing elements from a power source 24. 

The thermal printing elements are disposed in a 
line extending transversely to the direction in which the 
mail item is fed. Energisation of selected thermal print- 
so ing elements of the print head in a printing cycle causes 
the thermal transfer selected areas of ink from an ink 
ribbon and repeated selection and energisation of 
selected printing elements In the series of printing 
cycles results in printing of dots in required positions of 
55 a corresponding series of columns spaced along the 
mail item in the direction of feeding of the item. Accord- 
ingly a complete printed impression is built up in a col- 
umn by column manner in the series of printing cycles of 
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a printing operation, tt is to be understood that although 
the postage meter is described hereinbefore as includ- 
ing a thermal printer for printing franking impressions on 
mail items, the postage meter may include other types 
of digital printing device such as , for example, inpact 5 
dot matrix, ink jet and laser. 

It will be appreciated that, as is well known in the 
postage meter art. the postage meter must operate in a 
secure manner and be protected from attempts to use 
the meter fraudulently for example by utilising the post- 10 
age meter to print franking impressions on mail items for 
which no corresponding postage charge has been 
accounted for by the accounting means. Accordingly 
those parts of the postage meter required to be secured 
against unauthorised tanpering are housed in a secure is 
housing 25. 

In order to provide security in the printed postage 
indicium, the postage meter is provided with means to 
encrypt information. In the present embodiment as illus- 
trated in figure 1 , the encryption means is an encryption 20 
circuit 26 connected to the microprocessor 1 1 . However 
if desired encryption of the information may be effected 
by the microprocessor 1 1 operating under a software 
routine, postage information, which includes the post- 
age amount and may include other data as well, is 25 
encrypted by the encryption circuit 26. or by the micro- 
processor 1 1 . and the resulting encrypted infornBtion is 
included as part of the information included in the post- 
age indicium printed by the print head. 

When canrying out a franking operation, postage 30 
information including a postage charge to be applied to 
the mail item 20 Is input to the microprocessor 1 1 by 
means of a keyljoard 1 3. The miaoprocessor 1 1 carries 
out accounting functions in respect of the postage 
charge and the encryption circuit 26 operates on the 35 
postage information to generate encrypted information. 
The enaypted information is input to the microproces- 
sor which then outputs print signals to the print head to 
cause the print head to print a postage indicium 27 (see 
Figure 2) including the postage information and the 40 
encrypted information on a mail item. The postage infor- 
mation may be printed in visually readable form 28 and 
also in machine readable code form 29, for example 2D 
code comprising an an-ay of pixels representing the 
information. 45 

In accordance wit the present invention it is pro- 
posed to utilise the postage meter 10 to print additional 
information 30 comprising a message encrypted in the 
form of a 2D code and to enable the reading and 
decrypting of this message by use of a recipient's post- so 
age meter. The message 30 may be printed on the exte- 
rior of the mail item 20 and may be printed in the same 
printing operation as that in which the postage indicium 
27 is printed or the message may be printed on an 
insert placed inside an envelope. The message is ss 
encrypted utilising the encryption circuit 26 in a manner 
to ensure that it is intelligible only to an intended recipi- 
ent. Accordingly the message is encrypted using data 



unique to the recipient's postage meter and this data 
may for example comprise a serial number of the meter 
or a security key. In addition, or alternatively, a seaet 
key may be used in the encryption of the additional 
infomnation. The secret key would be a key known only 
to both the sender and the intended recipient of the 
infomiation and use of this key would be agreed by the 
sender and intended recipient prior to sending the mes- 
sage. 

The postage meter, as shown in Figure 1, is pro- 
vided with a scanning device 31 housed in the housing 
25. The scanning device 31 is connected to the micro- 
processor 1 1 and is operable to scan information in 2D 
code form on a received mall item 20. The item 20 car- 
ries the postage indicium which may include t>oth the 
visually readable portion 28 and a portion 29 in 2D 
code. In addition the item carries the encrypted mes- 
sage 30 in 2D code. When the item is received the mes- 
sage on the item is scanned by the scanning device 31 
and electrical scanning signals resulting from the scan- 
ning of the item are input to the microprocessor 1 1 . The 
microprocessor inputs these scanning signals to the 
encryption circuit 26 which is operable to utilise data 
unique to that recipient terminal, for example the secu- 
rity key or the serial number of the meter, to decrypt the 
scanned encrypted information and thereby produce 
the message in non-encrypted form. The encryption cir- 
cuit outputs the decrypted message to the microproces- 
sor where it may be displayed on the display 14 or may 
be output to the print head 21 to produce a printed copy 
of the message. It will be appreciated that if the mes- 
sage is received by a person other than the intended 
recipient the message will not be intelligible to that per- 
son in its enaypted form and the message can not be 
decrypted without the key known to the intended recipi- 
ent. 

, The scanning device may be a device 1 4 housed in 
the housing of the postage meter as shown in Figure 1 
or may be a hand held device 32 connected by a flexible 
cable 33 to the postage meter 10 as shown in Rgure 2. 

As mentioned hereinbefore, iretead of providing an 
encryption circuit to encrypt postage information, 
encryption of the postage information may be effected 
by the microprocessor operating under the control of a 
software program routine. It is to be understood that 
infomiation to be included In a secure message likewise 
may be encrypted by the microprocessor and a received 
message be decrypted by the microprocessor operating 
under a software routine. 

By printing the encrypted message in 2D code rela- 
tively high density of the information contained in the 
message may be attained. Accordingly a relatively long 
message which in plain text alpha characters would 
occupy more than one page could be contained within 
2D code printed on an item the size of a conventional 
postcard. 

While it may be convenient to use the same code 
for the printing of the postage indicium 29 and the mes- 
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sage 30. the code used for printing the message 30 may 
be different from the code used to print the postage ind- 
icium 29. For example, the postage indicium may be 
printed using a code known as PDF417 while the mes- 
sage may be printed using a Datamatrix code. If obtain- 
ing high density in printing of the message Is not 
required, the encrypted message may be printed in 
alphanumeric characters. An encrypted message 
printed in the form of alphanumeric characters could be 
scanned by the scanning device 31 or 32 and the micro- 
processor may be operated under character recognition 
software to generate signals representing the alphanu- 
meric characters for input to the encryption circuit or the 
alphanumeric characters of the printed encrypted mes- 
sage may be input by an operator using the keytx}ard 
13- 

The secure message transmission system 
described hereinbefore may be used tor internal mail 
within a company where each department has a termi- 
nal as shown in the drawing comprising a personal com- 
puter to which is connected a secure unit, a printer and 
a scanning device. 

The item of mail would be addressed, by a visually 
readable destination address, to an intended recipient 
department or person and the item would bear a mes- 
sage printed in encrypted form for that department or 
person. Upon receipt of the item, the message would be 
input to the conrputer either by scanning or. if the 
encrypted message is printed in alphanumeric charac- 
ters, by input on the keyboard. An operator in the 
intended recipient department, or the intended recipient 
person, then enters identification information by means 
of the keyboard, by means of a card read by the scan- 
ning device or by a smart card coupled via reading 
means to the computer. The identification information 
input to the computer consists of or includes a key for 
use by the deayption circuit of the secure module to 
decrypt the encrypted message. 

If desired, a database of keys for use in encryption 
and decryption of infornr^tion may be located at a postal 
authority centre for use by operators of the franking 
machine message transmission terminals. Access to 
the database may be provided by the same communica- 
tion means utilised for other communications of the 
franking machine and postal authority centre for exam- 
ple as used when resetting aedit In the franking 
machines. 

Hereinbefore, the terminal for transmission and 
reception of a secure message has been described as 
a dedicated postage meter. However postage metering 
systems are known comprising a secure postage meter- 
ing unit connected to a personal conputer. The secure 
postage metering unit performs the secure accounting 
functions and enayption functions of a dedicated post- 
age meter but does not include the printer of a dedi- 
cated postage meter. Accordingly, if desired the 
terminal may comprise a secure postage metering unit 
connected to a personal computer. 



Postage meters operating in a pre-payment mode 
include non-volatile registers storing values of credit 
available for use in franking operations. In the same 
manner, the secure postage metering unit Includes a 

5 non-volatile register storing a value of credit Since the 
message transmitted from one terminal is to a desig- 
nated recipient, the secure message transmission sys- 
tem described hereinbefore may be utilised to transfer 
value stored in the non-volatile register of one terminal 

10 to a non-volatile register of a designated terminal. 

aaims 

1 . A secure communication system characterised by a 
IS sender postage metering terminal (1 0) and a plural- 
ity of recipient postage metering terminals (10). 
each terminal (10) comprising input means (13) for 
input of a postage charge; encryption means (26) 
for encrypting postage information; printing means 

20 (21) for printing a postage Indicium (27) including 
said encrypted postage information (29) on a mail 
item (20); wherein the input means (13) of the 
sender terminal is operable fo input a message, 
intended for receipt by a designated one of the 

25 recipient terminals, to the encryption means (26) of 
the sender terminal; said encryption means of the 
sender terminal being operable to encrypt said 
message using a key unique to the designated 
recipient terminal; and each recipient terminal 

30 including means (31) for input of a received 
encrypted message (30) to the encryption means 
(26) of the recipient terminal; and the encryption 
means of the designated recipient terminal being 
operable to use a key unique to that terminal to 

35 decrypt the encrypted message. 

2. A secure communication system as claimed in 
daim 1 wherein the printing means (21) of the 
sender terminal is operable to print the encrypted 

40 message (30) on a mail item (20) and wherein the 
input means of the recipient terminals includes 
means (31 ; 32) to read the printed encrypted mes- 
sage from the mail item (20). 

45 3. A secure communication system as claimed in 
daim 1 or 2 wherein the printing means (21) of the 
sender terminal is operable to print the encrypted 
message in the form of a 2D code. 

50 4. A secure communication system as claimed in any 
preceding daim wherein the key unique to the 
recipient terminal comprises an identification 
number of the designated terminal. 

55 5. A secure communication system as claimed in any 
preceding daim wherein the key unique to the 
recipient terminal comprises a secure secret key. 
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6. A secure communication system as claimed in any 
preceding daim wherein the printing means (21) of 
the recipient terminal is operable to print the 
decryption of the encrypted message. 

5 

7. A secure communication means as claimed in any 
preceding claim wherein the recipient terminal 
includes display means (14) operable to display the 
decryption of the enaypted message. 

10 

8. A secure communication system as claimed in 
claim 2 wherein the means for reading the 
encrypted message includes a hand-held scanner 
(32) connected to the recipient terminal. 

15 

9. A secure communication system as claimed in any 
preceding claim wherein the terminals each com- 
prise a secure postage metering unit connected to 
a computer and a printer connected to the compu- 
ter. 20 
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(54) Secure communication system 

(57) A secure communication system for transmis- 
sion of messages utilises postage meters (10) as termi- 
nals of the system. The postage meters include means 
(13) for input of postage amount, an encryptor (26) to 
encrypt postage Information to be printed by a printer 
(21) of the meter. The input means are used for input of 
a message, the encryptor enaypts the message with a 
key unique for an intended recipient terminal and the 



printer prints the encrypted message on a mail item 
(20). The terminals also are provided with reading 
means (31; 32) to read a received encrypted message 
(30) and the encryption means (26) is utilised to decrypt 
the received encrypted message using the unique key 
of the recipient terminal. 
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